|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Canonicalization
From: Yann (cactux
gmail.com)
Date: Wed Apr 12 2006 - 07:31:52 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
11 Apr 2006 13:12:29 -0000, susam_palyahoo.co.in <susam_palyahoo.co.in>:
> I found the following paragraph in owasp.org. Can someone please elaborate on this?
>
> Parameters must be converted to the simplest form before they are validated,
> otherwise, malicious input can be masked and it can slip past filters. The process of
> simplifying these encodings is called "canonicalization."
There is a (very short) article on Wikipedia, to begin with:
http://en.wikipedia.org/wiki/Canonicalization
There is an example, not directly related to security.
Yann
--
__________________________________________________________
Yann Cochard : http://yanncochard.com/
Au Cactus Francophone : http://www.cactuspro.com/
Kaella, Knoppix Linux Azur : http://kaella.linux-azur.org/
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]